On 07/31/13 10:29 AM, espeake(a)oreillyauto.com wrote:
> Okay here is what we are wanting to do and I need to know if it is
> with openLDAP. We have a main production ldap server v. 2.4.28 running on
> Ubuntu 10.04. We are adding two servers that will handle authentication and

Someone will inevitably tell you to step up to the latest release, so it
might as well be me. :)
Now that that's out of the way...

> In a nutshell I want to have two systems that look the same and the
> information for the second system would come from a sync with the first
> system, but the second system would not be able to write back to the main

This kind of conflicts with your previous paragraph, which seems to say
that you want two systems that look the same and the second replicating
from the first, but you want BOTH to be writable.
I don't see how this would be sustainable. It's pretty much guaranteed
that at some point someone will make a change on your "DR" node that
will foul up the synchronization, such as deleting a container or an
object. You're setting yourself up for a split brain situation.
If you're willing to let the second node be read-only, then what you
want to do is more reasonable.